What’s an afterimage, you ask? It is a visual phenomenon where a picture continues to appear in your sight, even after you’ve stopped looking at it. You know the one. If you’ve ever seen a spot of light after a bright camera flash, you’ve experienced an afterimage. Try the following experiment. Stare right at bright light source (please, not the sun) for a few seconds, and then close and cover your eyes for about thirty seconds. Open your eyes and look at the light again for about a half a second, then close and cover them again. You’ll “see” the lamp, and then the image will quickly fade away. Great, but what on earth does it have to do with privacy?
Digital Afterimages Explained.
Today, we live our lives digitally. And all our online activities create a sort of afterimage—a trail of our individual transactions or posts or clicks. But unlike mental afterimages, these digital “ghosts” don’t fade, and they can come back to haunt and harm us. There are two very tricky things about these type of cyber afterimages to remember. First, they’re not composed of the digital activity or asset itself, but rather of the artifacts created as a byproduct of that activity or asset. Let’s take a simple example—email. In this case, the thing itself is the content of the email, and encryption protects that content from prying eyes. But there’s also metadata, which is information about the message that’s not the message itself—like sender, recipient, date, time, etc. That’s the afterimage.
Secondly, any one individual afterimage is pretty innocuous. The metadata of one email isn’t really valuable to anyone. But if you collect enough of these data points—especially if it’s achieved across disparate systems for different types of data points—it is possible to construct an astoundingly accurate profile with significant privacy and security implications. This is why, according to an NSA newsletter leaked by Edward Snowden, the collection of his phone metadata was considered one of the agency’s “most useful tools” and a factor in his apprehension.
Connecting the Digital Dots Is Not Hard.
Think about a typical day. As you go about your business, what digital afterimages are being left in your wake? Your daily texts, phone calls, and emails illustrate who you communicate with and how often. When you hop in your car, you may use Waze to find the fastest route, leaving a record of exactly where you’ve gone. A trail of websites you’ve visited can provide information about your life, activities, interests—and even your intentions. If you think that sounds far-fetched, you’d unfortunately be very wrong.
In fact, a 2016 study by Stanford University demonstrated that “telephone metadata is densely interconnected, can trivially be re-identified, and can be used to draw sensitive inferences.” In one case, the researchers were able to “diagnose” cardiac arrhythmia from a series of calls based only on the length and who they were to and from—such as a long call from a medical center’s cardiology group or short calls with a medical lab, drugstore, and self-reporting hotline for a cardiac arrhythmia monitoring device.
In another non-medical case, researchers inferred the simple intent to start growing marijuana based on a series of calls the individual placed to a hardware outlet, locksmiths, a hydroponics store, and a head shop within a three-week period. And this was using just phone metadata. Imagine what could be done with all your digital breadcrumbs. Where would they lead?
Who Should We Be Worried About?
Not to sound paranoid, but there are a lot of folks who would be interested in using our digital detritus to serve their own ends. In some cases, they may even think they’re doing so for the greater good. While that debate is far beyond the scope of one article, it’s good to understand the various ways this type of information could be used. First up, governments. We know the NSA was doing exactly this as part of the war on terrorism. Very broadly, that sounds like a noble cause, though the massive privacy issues force a much more nuanced discussion. But, theoretically, a foreign government looking for espionage recruits could also collect and compile digital data about U.S. citizens to identify people who may be vulnerable to financial pressure or honey traps.
Less insidious, but certainly no less creepy, are the marketers who use aggregate data to determine predictors of a certain state, and then an individual’s data to predict if that person is in that state right now—all to ostensibly deliver advertising that’s highly relevant. It’s good for users! It’s what they want! Yeah, no. Case in point: Back in 2012, a story broke about how Target figured out a girl was pregnant before her family knew. Target had cracked the code for predicting—with an apparently high level of accuracy—if a woman was pregnant, and then they’d send her pregnancy- and baby-related coupons. In this case, the coupons were addressed to a high-school girl. Dad was furious and accused Target of encouraging his teen to get pregnant, and then found out his daughter was indeed pregnant. So, what did Target do? They started adding a few “decoy” ads for non-pregnancy-related products so it wasn’t quite so obvious. Is that better or, in fact, worse? You decide.
Finally, there are cybercriminals. Of course, there’s not even an attempt here to spin a positive reason for their activities. But if there’s a way they can use data to steal money in any way, shape, or form, you can bet they’ll figure it out.
What Can You Do About It?
The glib answer is, it depends on how paranoid you are. Obviously, you should be cyber smart in everything you do. Don’t use unsecured WiFi, don’t visit “not secure” websites, and make sure to always use unique, strong passwords (and change them often). You know the drill. And then, decide the tradeoffs you’re willing to make. If you want to avoid creating any digital afterimages at all, you’ll need to shun the online world entirely. Which means no cell phone, no email, no web browsing, nothing. That’s pretty extreme. Maybe you want to control your digital footprint so you turn off geolocation and minimize the activities you perform online, opting for the old-fashioned channels whenever possible. Or maybe you want to take full advantage of today’s technologies, most of which definitely have some cool benefits. But that should be a deliberate decision you make, with your eyes wide open about the digital clues you may be leaving in your wake.